• Status: Solved

Sonicwall NSA250 Content Filtering

We have implemented a new Dell SonicWall NSA 250M. It has 2 WAN connections, set up for failover. When one WAN goes down it WILL NOT automatically switch over to the other one so long as it detects the network cable is still plugged in. It has to be unplugged before it will switch. (This is issue #1)

We have also enabled content filtering, via local users and LDAP. Connection is good to LDAP, as we can sync groups, and apply certain CFS policies to each group, with a DEFAULT policy still configured (supposedly for anyone who doesn't authenticate to LDAP). However, under Users>Status, not all users are showing up. Sometimes 4-5 users show up, other times 19-20 show up. There should be consistently about 30-40 users at any given time throughout a work day. So I don't think this is working correctly...

Also, with content filtering enabled like this, our Scan-to-Email from a Konica Minolta BizHub gets blocked... Not sure why. It should get the default policy. I have tried adding its IP to the CFS exclusions list, but to no avail... Please help! Any info would be great.

We don't specialize in SonicWall, a client bought it on their own, and I need some serious help getting it to work correctly.

1 Solution
Aaron Tomosky (SD-WAN Simplified) commented:
1. WAN failover - I'll assume you are using the routing section with "Disable route when the interface is disconnected" (the default). What you need to do is create/enable a probe for the link. Without the probe, it just looks to see if the interface is up.

2. Content filtering - users only show up when they auth, and they will only auth when they try to hit something that requires auth (something you are blocking). Use the SSO section to automatically auth users from RADIUS/AD logs/browser/etc. Personally I have good success with the DC logs method (run the directory connector on a member computer somewhere).

3. Scan-to-email - after you get the directory connector up, assuming the Konica logs into a fileshare or something that will register in your DC, you can assign its user permissions for CFS. If you need to do the IP, there are a few boxes that have to all be checked for it to work right. Let me know if you can't get it working with a user and we can go from there. I'd need to see screenshots of the CFS setup page for your specific firmware as they have made changes recently.

Pintanin Dutta commented:
Issue 1:
i> Under Network > Failover & LB, enable "Respond to Probes".
ii> Click on the Configure button for Default LB Group, go to the Probing tab and disable the "Probe responder.global.sonicwall.com on all interfaces in this group" checkbox if enabled.
iii> Expand the Default LB Group and configure the WAN interfaces individually: select "Logical/Probe Monitoring enabled" and "Probe succeeds when either main or alternate target responds", configure main and alternate targets with ICMP and configure hosts as external DNS IP addresses like or
Question has a verified solution.
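
The difference between link-state monitoring and the logical probe both answers describe, as an added example that is not part of the original thread and not SonicWall code: a small Python model of the failover decision. The names WAN1/WAN2, the mode labels and the sample timeline are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Sample:
    """One constructed observation of a WAN interface."""
    link_up: bool   # physical carrier: cable plugged in, port negotiated
    main_ok: bool   # main probe target answered
    alt_ok: bool    # alternate probe target answered

def wan_alive(s, mode):
    """Health verdict for one WAN under the two monitoring modes in the thread."""
    if mode == "physical":   # link state only: "is the interface up?"
        return s.link_up
    if mode == "logical":    # probe succeeds when either main or alternate responds
        return s.link_up and (s.main_ok or s.alt_ok)
    raise ValueError(f"unknown mode: {mode}")

def active_wan(primary, backup, mode):
    """Primary carries traffic while healthy, else backup, else nothing."""
    if wan_alive(primary, mode):
        return "WAN1"
    if wan_alive(backup, mode):
        return "WAN2"
    return None

HEALTHY = Sample(True, True, True)

# Constructed timeline for the primary WAN; the backup stays healthy throughout.
PRIMARY_TIMELINE = [
    ("healthy",              Sample(True, True, True)),
    ("main target down",     Sample(True, False, True)),   # one target failing is not an outage
    ("ISP outage, cable in", Sample(True, False, False)),  # the case from issue #1
    ("cable unplugged",      Sample(False, False, False)),
]

def run(mode):
    """Active WAN at each step of the timeline under the given monitoring mode."""
    return [active_wan(s, HEALTHY, mode) for _, s in PRIMARY_TIMELINE]

if __name__ == "__main__":
    for (label, _), phys, logi in zip(PRIMARY_TIMELINE, run("physical"), run("logical")):
        print(f"{label:22} physical={phys}  logical={logi}")
```

With link-state monitoring only, traffic stays on the dead primary during the ISP outage until the cable is pulled; with the probe, failover happens as soon as both targets stop answering.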
